The computer systems at Canada’s National Research Council (NRC) have been hacked by a “highly sophisticated Chinese state-sponsored actor,” which was discovered by Communications Security Establishment Canada, according to Canada’s chief information officer, Corinne Charette.
Charette issued a statement Tuesday confirming that NRC computers have been shut down to cease cyberattacks allegedly coming from China and to avoid leaking sensitive information. It has been reported that Chinese hackers have been attempting to gain access to NRC computers for the past month.
“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure. This could take approximately one year however; every step is being taken to minimize disruption,” Charette explained in the statement. “We understand that this incident will affect ongoing business operations and every step is being taken to minimize its impact on our clients and stakeholders.”
The NRC is the nation’s top science and research technology organization. It sees to leading-edge research related to satellite technology, space and industrial innovations and modified foods.
Although the infiltration had been targeted against the NRC, a breach could have led to greater implications since the government has converted 43 departments into a shared data service system. In other words, this could have created a historical breach in the Great White North.
NRC President John McDougall told employees in a conference call Tuesday that identity theft may have transpired and that employees’ personal information as well as clients and shareholders may have been compromised.
He recommended to everyone that they should refrain from connecting their smartphones, tablets or memory sticks into their computers.
Foreign Affairs Minister John Baird was actually situated in Beijing at the time of the attack. Baird’s office confirmed to CBC News that the cabinet minister had raised the issue with two Chinese counterparts and underwent two honest discussions.
The Chinese government is denying all and any accusations and speculations being made against China.
“We do not accept the groundless allegation of Chinese government’s involvement in any cyber intrusion or attack,” said Yang Yundong, a spokesperson for the Chinese Embassy in Canada, in a statement. “The Chinese government has always (been) firmly opposed to and combated cyberattacks in accordance with the law. In fact, China is a major victim of cyberattacks.”
This isn’t the first time that the Chinese have been blamed for penetrating government computers. In the past, the Finance department, the Treasury Board, the Bank of Canada, and the email accounts of Members of Parliament have been targeted.
In the United States, the government has accused Chinese hackers of regularly attempting to invade computers and attain data.
Last year, a 60-page report was released by Mandiant (PDF), a cybersecurity company located in the United States, and outlined that the Communist Party of China has been ordering the Chinese People’s Liberation Army (PLA) to initiate systemic cyber espionage and data theft against various entities and organizations around the world.
The report assessed how the Chinese military has been leaking into governments across the globe, seeping into companies operating natural gas pipelines and breaching into networks that control industrial systems and electric grids.
“We ran into APT1 again and again and again, so we started observing and orienting toward APT1 just because of the volume of attacks they were doing,” said Kevin Mandia, Mandiant founder and chief executive, in an interview with the New York Times. “After responding to APT1 for years, at over 100 different organizations, you start to pick up patterns over 98 percent of the time, when they were doing their intrusions in the U.S. companies, they were also using computer addresses from Shanghai. So I called 98 percent not an anomaly.”
It isn’t just governments that have been the victim of identity thefts and cyberattacks. In 2012, more than 13 million Americans have been casualties of such hackings. It is recommended that each person monitors their bank accounts rigorously, uses a credit card rather than a debit card and changes passwords frequently.